I have a lot of objects, all of which need a particular number tagged on them so I can quickly tell the customer accordingly. But the problem is that the customer should not know what these numbers say (I write how much I buy the object for).

Is there any way I can encode them so that I can quickly decode and understand what the words mean?

I would suggest a polyalphabetic substitution cipher, possibly encoded in a different base (convert cost to hex, then sub characters)
– Richie Frame, Oct 14 '13 at 9:52

1

@RichieFrame Good luck converting to hexadecimal mentally... you might as well use the substitution cipher directly on the decimal digits. Test: how advanced are the adversary's capabilities? Have you got a concrete threat model to go on? If you're talking about a random person seeing some numbers and trying to make sense of them on the fly, this is where security through obscurity might be more cost-effective (e.g. interleave the digits, then increment each digit by a constant you remember, modulo 10, etc.). But for anything more permanent you'll need something better.
– Thomas, Oct 14 '13 at 13:08

3 Answers
3

I wouldn't try and do this mentally. Whatever you come up with will be insecure, slow and error-prone.

Here's what I would do:

Each box would have a QR-code on it that you print and attach to the item.

You then scan the item with your phone.

Your phone has a 128-bit key saved to it that is unique to that device.

The phone decrypts the QR code and displays the associated data inside the QR code.

The bigger QR-codes can store enough data that you can actually do the crypto properly with the proper IVs and authentication tags. AES in GCM mode would be my suggestion.

This solution has the advantage that it's very quick to decode the message on the boxes, the underlying scheme is secure, and QR-codes have automatic error correction capabilities, so they can resist damage.

Or, even better, just make a simple database of the objects and their prices, with a unique (possibly random) ID for each object, and tag the objects with those IDs. Assuming you don't have billions of items, your phone should be able to store the database just fine. As a bonus, you can have the phone display the name (or a description) of the item, so you can tell if the customer has switched the tags.
– Ilmari Karonen, Oct 14 '13 at 17:22

I remember reading about a scheme for doing this in a children's cryptography book when I was a kid. Choose a ten-letter word with no repeated letters, and use this to represent the digits 0-9. I think the example from the book was REPUBLICAN, but there are surely plenty of alternatives. Using this word, you'd get

REPUBLICAN
0123456789

10.71 = ERCE

250.22 = PLRPP

etc.

This is pretty easy to break--if I saw it in a store I think I'd probably be able to break it in my head with a little work (figuring out the first digit of prices shouldn't be so hard).

You could make it a little tougher by having some null letters which have no meaning, and using them to make labels that are harder to decode. Suppose your nulls are JQXZ. Then you could have

4.22 = JBPXXPQ

You could also use fixed length "words" and have only some letter positions matter, or use two different ten-letter codes, or whatever. You won't ever get a really strong cryptosystem out of it, but if you're not trying to sell stuff to a convention of cryptographers, some scheme like this might work okay.
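The keyword-and-nulls scheme from the answer above, written out as an added example (not code from the answer). The function names, the `pad_to` parameter and the random placement of nulls are assumptions made for illustration; the keyword, the null letters and the dropped decimal point follow the answer's own samples.

```python
import secrets
from decimal import Decimal

KEYWORD = "REPUBLICAN"   # from the answer: the letter at index i stands for digit i
NULLS = "JQXZ"           # from the answer: letters that carry no meaning


def check_alphabet(keyword=KEYWORD, nulls=NULLS):
    """Reject keys that would make decoding ambiguous."""
    if len(keyword) != 10 or len(set(keyword)) != 10:
        raise ValueError("keyword needs ten distinct letters")
    if set(keyword) & set(nulls):
        raise ValueError("null letters must not appear in the keyword")


def encode(price, pad_to=0, keyword=KEYWORD, nulls=NULLS):
    """Encode a price such as '4.22'; the decimal point is dropped (cents)."""
    check_alphabet(keyword, nulls)
    cents = int(Decimal(price) * 100)
    if cents < 0:
        raise ValueError("price must not be negative")
    letters = [keyword[int(d)] for d in str(cents)]
    # Insert nulls at random positions until the label is pad_to letters long,
    # so two items with the same price need not carry the same label.
    while len(letters) < pad_to:
        letters.insert(secrets.randbelow(len(letters) + 1), secrets.choice(nulls))
    return "".join(letters)


def decode(label, keyword=KEYWORD, nulls=NULLS):
    """Return the price with two decimals; null letters are skipped."""
    check_alphabet(keyword, nulls)
    digits = []
    for ch in label.upper():
        if ch in nulls:
            continue
        if ch not in keyword:
            raise ValueError(f"unexpected letter {ch!r} in label")
        digits.append(str(keyword.index(ch)))
    if not digits:
        raise ValueError("label contains no digits")
    cents = int("".join(digits))
    return f"{cents // 100}.{cents % 100:02d}"


if __name__ == "__main__":
    for price in ("10.71", "250.22", "4.22"):
        label = encode(price, pad_to=8)
        print(price, "->", label, "->", decode(label))
```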

You can invent your own set of signs for numbers 0..9, and a second set of signs for the order of magnitude, in the case you want to store for example 2 digits of precision, so you can have 25 cents, 2.5 dollars or 25 thousand dollars, so you're not leaking anything. Also remember to remove the label with the coded price before giving the product to your customer.